{"report_id":"23fecf7e-12c4-4b58-ad59-988de11116c4","version":6,"status":"done","tags":[],"date":"2026-01-19T18:50:30Z","url":{"schema":"https","addr":"play-to.click/","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"play-to.click/","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"title":"PHFL Wallet","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"play-to.click/","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-23T18:50:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"play-to.click","ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-20","domain_rank":0,"first_seen":"2026-01-19T18:50:31.341578Z","last_seen":"2026-01-19T18:50:31.341578Z","alert_count":0,"request_count":7,"received_data":1536002,"sent_data":3089,"comment":"","tags":null,"fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"come-corroding.g-app-d.cc","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-28","domain_rank":0,"first_seen":"2026-01-19T18:50:31.343371Z","last_seen":"2026-01-19T18:50:31.343372Z","alert_count":8,"request_count":4,"received_data":733510,"sent_data":1885,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-18T22:17:29.309663Z","alert_count":0,"request_count":1,"received_data":10794,"sent_data":472,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"come-corroding.g-app-d.cc/_nuxt/assets/index.js","fqdn":"come-corroding.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"46ca340e4938cccabd2d133cfcf8ebbc","sha1":"14e64dc659191bfc249a1da89216604c2948d8ce","sha256":"05f0b2cace0d2c939fc201d934071112785077d71ae04879b90d6783665763b4","sha512":"2554b28d1f8508f1bb9efefcb0f1e4f233bb40db7d28cb964e9b102c0d3a33209ce0fa502d644925b4df8924bc127045c33b1f8822408e1353676fc7442637a4","ssdeep":"12288:LRF5sBNhAUKBgeJPbctfJmC3tw3wjruS9SIOkWLsaQir5g/d:LRGKB4w3w54v4d","tlshash":"6af4b58b1179e4255d90bce478f11c712cdcace0ec5a08b5f3b7dea4e254421a37bba6","size":729211,"data":"","first_seen":"2026-01-19T18:35:42.150788Z","last_seen":"2026-01-19T19:37:18.238319Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"play-to.click/assets/index-CY6N-8XK.js","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8bde2f348cd708f3fa5194effd57a7be","sha1":"cdefca0efa68f3a29ddee61859df83b0e365d353","sha256":"f6769de4eeccac081f7bf3f3f3a41b7dde163ec454e05af213ffa7768b54400f","sha512":"641b3ae48c39cd0cfba99aec556ed058fbf794b50546976260963cafcbc50dfebe9481217580f6c2e65c244a7789e59599c529eb56d267792cedcd89287b634e","ssdeep":"3072:vzRwyz0T1dul+GB+w1S4GHQBtHBg33nFua6N6GsS6UiH0U5bbocYwOO13faH6cG:LWul+10HBg33nt6EGslUiH0mwcQOQG","tlshash":"15644ae871d5ba6997e345e4406f0507723e1916b80d84a8b23ceddb2a7100972bbffd","size":318550,"data":"","first_seen":"2026-01-19T18:50:33.376906Z","last_seen":"2026-01-19T19:34:26.380673Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"play-to.click/","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9d4e6a9925896ab6aee78fd878bfe151","sha1":"6809372249b1f8a8cbc94832e6b2de2b394fdeec","sha256":"778c0f7dd6d56cbd6fdd8699ec10b52d1c73b40104d396836959c9e4c187352f","sha512":"442eff2257c5179ae453ceef7cbc0654b774bc63c4184e982343d0ced844a7a5bf5f197cc49db539647d85f426b8547af4fcac0deda8185024c22d286a5b0ba5","ssdeep":"6144:YouXBrBLN5sovvcMUDz1MuTvvcMUDz1MucF3LVtg4m8mU7yziJIuRmF80767i7W8:Youp5s367Gf0Fa1dDZogqQ4em","tlshash":"20e4c74d1239d8268d50d1f57ce20dc5281cace0ecde09a1f7f7ea64e29891172bf7a9","size":696732,"data":"","first_seen":"2026-01-19T18:35:42.151838Z","last_seen":"2026-01-19T19:37:18.24836Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"play-to.click/","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-19T18:50:08.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"play-to.click","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 14:32:13 GMT","end":"Fri, 20 Mar 2026 15:29:20 GMT"},"fingerprint":{"sha1":"CE:EC:67:5B:96:64:AC:4B:F1:AB:E3:31:14:7E:F8:4A:F1:1A:05:A0","sha256":"BE:15:78:35:EC:E7:E2:05:84:E3:C6:13:2A:BC:95:9E:A8:D6:14:1E:93:95:3C:35:E9:E3:29:C3:87:3E:CF:AF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: play-to.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 19 Jan 2026 18:50:08 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SJoMBrqQhxvnnz98u0AEJ%2FJTNlv3E64CsoQoIu77%2FDcWEAljorA7S%2Bn5YXcV2%2FfCTjB0KosiPifPJF8m4vEQ5HYZFBLHqcOXJy7%2F\"}]}\r\nlast-modified: Fri, 09 Jan 2026 16:29:08 GMT\r\ncf-cache-status: DYNAMIC\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\ncontent-encoding: br\r\ncf-ray: 9c08841a4fed56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2074,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"05656a52bcc3a4c309efe48050f34a59","sha1":"a10d936c889b841dc53cade4eafdb5b49b884051","sha256":"e07ae6bfe233c845a2e0450862ad271a2b98a4bd22e15a9b40be6a09dc396cfa","sha512":"0d36ab957ec0be1feae2bbff8514725d266e302ca1ccd0e1c04741024f98915d1881e8ed0ecf9b2518a8583ed3ff882907bc2df6e9c555c15a06473ef03ffddc","ssdeep":"","tlshash":"264116238ed4d8550120c2720de6b174c567918feb899d1c779e54e95fc2ec4caf33a4","first_seen":"2026-01-19T18:50:33.37568Z","last_seen":"2026-01-19T19:34:26.373879Z","times_seen":2,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":80,"dns":63,"connect":1,"send":0,"wait":67,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"play-to.click/assets/index-CY6N-8XK.js","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:08.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"play-to.click","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 14:32:13 GMT","end":"Fri, 20 Mar 2026 15:29:20 GMT"},"fingerprint":{"sha1":"CE:EC:67:5B:96:64:AC:4B:F1:AB:E3:31:14:7E:F8:4A:F1:1A:05:A0","sha256":"BE:15:78:35:EC:E7:E2:05:84:E3:C6:13:2A:BC:95:9E:A8:D6:14:1E:93:95:3C:35:E9:E3:29:C3:87:3E:CF:AF"}}},"request":{"raw":"GET /assets/index-CY6N-8XK.js HTTP/1.1\r\nHost: play-to.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play-to.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 92712\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 26 Jan 2026 18:50:08 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Fri, 09 Jan 2026 16:29:08 GMT\r\netag: \"4dc56-69612cd4-103b53a0f846262c;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\npriority: u=3,i=?0\r\ndate: Mon, 19 Jan 2026 18:50:08 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0P%2F9XlhqIrUYTmANIi1%2B6wkAwIP8J%2Bnc5B8KtY9JeQlNfNWOjxpJYiZKnMConMARrgiDezwX9As5RHKLtDLa%2F3IHxT0x11HfcZbgN%2F4%3D\"}]}\r\ncf-ray: 9c08841bcf281525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":318550,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (37564)","md5":"8bde2f348cd708f3fa5194effd57a7be","sha1":"cdefca0efa68f3a29ddee61859df83b0e365d353","sha256":"f6769de4eeccac081f7bf3f3f3a41b7dde163ec454e05af213ffa7768b54400f","sha512":"641b3ae48c39cd0cfba99aec556ed058fbf794b50546976260963cafcbc50dfebe9481217580f6c2e65c244a7789e59599c529eb56d267792cedcd89287b634e","ssdeep":"3072:vzRwyz0T1dul+GB+w1S4GHQBtHBg33nFua6N6GsS6UiH0U5bbocYwOO13faH6cG:LWul+10HBg33nt6EGslUiH0mwcQOQG","tlshash":"15644ae871d5ba6997e345e4406f0507723e1916b80d84a8b23ceddb2a7100972bbffd","first_seen":"2026-01-19T18:50:33.376906Z","last_seen":"2026-01-19T19:34:26.380673Z","times_seen":2,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":133,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"play-to.click/assets/index-Cx7Y60-u.css","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:08.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"play-to.click","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 14:32:13 GMT","end":"Fri, 20 Mar 2026 15:29:20 GMT"},"fingerprint":{"sha1":"CE:EC:67:5B:96:64:AC:4B:F1:AB:E3:31:14:7E:F8:4A:F1:1A:05:A0","sha256":"BE:15:78:35:EC:E7:E2:05:84:E3:C6:13:2A:BC:95:9E:A8:D6:14:1E:93:95:3C:35:E9:E3:29:C3:87:3E:CF:AF"}}},"request":{"raw":"GET /assets/index-Cx7Y60-u.css HTTP/1.1\r\nHost: play-to.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play-to.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 17426\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 26 Jan 2026 18:50:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 09 Jan 2026 16:29:08 GMT\r\netag: \"201ec-69612cd4-8bd740ac9bf8ed4b;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\npriority: u=2,i=?0\r\ndate: Mon, 19 Jan 2026 18:50:08 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JYNI7om8aEH4tCYC%2B0bpOz%2BdtWJDt%2FjrYiTRXpddEZ9m%2B9l7VYgIeE2Hsft3dLs3AXJWlVw8x%2Frzif9GJpoJ9zcOkxf0VDU7N1sq1yY%3D\"}]}\r\ncf-ray: 9c08841bcf291525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":131564,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"5c23a1939c4cd8dbaef7b83f021c108c","sha1":"f77ed4c4e9182bcbb41d7d0c0abacaf2e18ea8b3","sha256":"43a69b96d95cc9817c42dd95c58842da115ee7210e4ae2cfb796e7a927c0c0e7","sha512":"1a12004bf5fe79b1066cde6245365d3239a790e82d5f6d2b594cd7c743f15959798780594fcc0ac8ebf056f8ac41dc8eb29052fec11ab930f78a77eab08a0d32","ssdeep":"1536:aRSUh0hQEBslP9amLuJaQSsMq+WDhzmAkX7zn8ge0kU988R988q:qh0vslPYquXMq+WDhKA/","tlshash":"edd371a0b175e03bbc23b4fd938cf45d911ab0d5ed2903ddbe11a11627e3bf259a6a04","first_seen":"2026-01-19T18:50:33.377987Z","last_seen":"2026-01-19T19:34:26.376103Z","times_seen":2,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"play-to.click/image/token.png","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:09.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"play-to.click","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 14:32:13 GMT","end":"Fri, 20 Mar 2026 15:29:20 GMT"},"fingerprint":{"sha1":"CE:EC:67:5B:96:64:AC:4B:F1:AB:E3:31:14:7E:F8:4A:F1:1A:05:A0","sha256":"BE:15:78:35:EC:E7:E2:05:84:E3:C6:13:2A:BC:95:9E:A8:D6:14:1E:93:95:3C:35:E9:E3:29:C3:87:3E:CF:AF"}}},"request":{"raw":"GET /image/token.png HTTP/1.1\r\nHost: play-to.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play-to.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 359511\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 26 Jan 2026 18:50:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 09 Jan 2026 16:34:50 GMT\r\netag: \"57c57-69612e2a-832412418810e7dc;;;\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ndate: Mon, 19 Jan 2026 18:50:09 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QVTopK2l%2FA5of%2F1n71Pz3JQ3Kc9WuIR93Ts8UhwlIU5H2OuM1z0bHQza%2FpInv0bRIqqfXs9%2B17T%2FmY5TD762D04khu6xtk5lxMyeY5s%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9c088421d8021525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":359511,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"df1dca8e8e6261e766461885ee43fadb","sha1":"e20d4a3e1498bb4d1a38dcbb6d7dc2eb4dd67841","sha256":"1572035ddf4a1fad4850b134a435eeccd8649edac68b31e2f32a1a9419db84af","sha512":"9355b00f6dbd5687486ae580dc020a0bff9e7fba9b4fad66e220ab166a35bb75e2c00ff0cd2525e839fd3abdcf91482aa9b95ca8178c61b850dc6dfead7a0146","ssdeep":"6144:rj7qbeR91/JHHltD2668l+e04lUmjlxc6awPFUd4k06hXBzjSogeX:rjmbej1/Jltll+DS3FUq6xqozX","tlshash":"84742369be486dc797befe8a38d9075e479b80ce925b644c3dfa0290962045fc46cf03","first_seen":"2026-01-19T18:50:33.379161Z","last_seen":"2026-01-19T19:34:26.379849Z","times_seen":2,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":122,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"come-corroding.g-app-d.cc/api/visit?origin=play-to.click","fqdn":"come-corroding.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:09.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g-app-d.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 26 Nov 2025 13:28:04 GMT","end":"Tue, 24 Feb 2026 14:26:36 GMT"},"fingerprint":{"sha1":"7E:09:61:34:DC:1E:E5:0C:3D:6B:F8:D8:18:BC:ED:85:DB:EB:41:61","sha256":"19:DF:09:C4:6B:0C:89:78:C9:D8:3D:66:F1:4F:98:66:D7:F3:A2:9D:6A:D5:F8:E1:8E:71:07:D5:20:FE:31:3E"}}},"request":{"raw":"POST /api/visit?origin=play-to.click HTTP/1.1\r\nHost: come-corroding.g-app-d.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://play-to.click/\r\nOrigin: https://play-to.click\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 19 Jan 2026 18:50:10 GMT\r\ncontent-type: text/plain;charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aBTXvpTFVaZY9h%2BlsHPpoi9%2FP1Usq7DInXYnQz4njhf7X2W2XrWqS%2BUJA1PZ1WRZ2JCAcGfHA5Py2gexlsRsBFRQ5N7Gdg5ty5d1w73wp7gx6A6D61JTkMk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9c0884237ad61525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-06-07T20:32:34.464754Z","times_seen":423281,"resource_available":true,"data":null}},"time_used":582,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":582,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"play-to.click/image/token.png","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:10.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"play-to.click","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 14:32:13 GMT","end":"Fri, 20 Mar 2026 15:29:20 GMT"},"fingerprint":{"sha1":"CE:EC:67:5B:96:64:AC:4B:F1:AB:E3:31:14:7E:F8:4A:F1:1A:05:A0","sha256":"BE:15:78:35:EC:E7:E2:05:84:E3:C6:13:2A:BC:95:9E:A8:D6:14:1E:93:95:3C:35:E9:E3:29:C3:87:3E:CF:AF"}}},"request":{"raw":"GET /image/token.png HTTP/1.1\r\nHost: play-to.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play-to.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 359511\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 26 Jan 2026 18:50:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 09 Jan 2026 16:34:50 GMT\r\netag: \"57c57-69612e2a-832412418810e7dc;;;\"\r\naccept-ranges: bytes\r\npriority: u=6,i=?0\r\ndate: Mon, 19 Jan 2026 18:50:10 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7uF%2Fsavee33VQGT0rvNXaHYDTLmWiivDf5OQtDzQlPIjR%2FLKyeNR2AQhimBus5QIcZL7aJ0pAPcCmji%2Fp4Bvozl%2B7viSAKhempRBERI%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9c088424e89c1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":359511,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"df1dca8e8e6261e766461885ee43fadb","sha1":"e20d4a3e1498bb4d1a38dcbb6d7dc2eb4dd67841","sha256":"1572035ddf4a1fad4850b134a435eeccd8649edac68b31e2f32a1a9419db84af","sha512":"9355b00f6dbd5687486ae580dc020a0bff9e7fba9b4fad66e220ab166a35bb75e2c00ff0cd2525e839fd3abdcf91482aa9b95ca8178c61b850dc6dfead7a0146","ssdeep":"6144:rj7qbeR91/JHHltD2668l+e04lUmjlxc6awPFUd4k06hXBzjSogeX:rjmbej1/Jltll+DS3FUq6xqozX","tlshash":"84742369be486dc797befe8a38d9075e479b80ce925b644c3dfa0290962045fc46cf03","first_seen":"2026-01-19T18:50:33.379161Z","last_seen":"2026-01-19T19:34:26.379849Z","times_seen":2,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"come-corroding.g-app-d.cc/_nuxt/assets/index.js","fqdn":"come-corroding.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:08.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g-app-d.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 26 Nov 2025 13:28:04 GMT","end":"Tue, 24 Feb 2026 14:26:36 GMT"},"fingerprint":{"sha1":"7E:09:61:34:DC:1E:E5:0C:3D:6B:F8:D8:18:BC:ED:85:DB:EB:41:61","sha256":"19:DF:09:C4:6B:0C:89:78:C9:D8:3D:66:F1:4F:98:66:D7:F3:A2:9D:6A:D5:F8:E1:8E:71:07:D5:20:FE:31:3E"}}},"request":{"raw":"GET /_nuxt/assets/index.js HTTP/1.1\r\nHost: come-corroding.g-app-d.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://play-to.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play-to.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 19 Jan 2026 18:50:08 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 19 Jan 2026 18:34:22 GMT\r\netag: W/\"696e792e-b25c7\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300, must-revalidate\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wWIiHppq8GVhIm50LYZ9DY4z7N8mzdPCRn9scwTXbh3S0KLLhjEXcUw8ppyBdM5nK4Q5c5DIYnnF5Lc7DAGqItPCzdvidHcUW00O8ni14raIIhiACjpb\"}]}\r\ncf-ray: 9c08841c1dc556c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":730567,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (57476), with no line terminators","md5":"ec995a10f55e36f60fdf2b8bf5d17fd9","sha1":"eda455632bde9095653835f00f5452cd08e300df","sha256":"55e2f0922fbf973ea52b58b19545e6bfaaf9ec280f41dd621697b92e7f622dd9","sha512":"8c65308b15bd09be45ebcb357d5b9ffecb5dbbeeb5d945a6e56f745cf7bdfc47fcb7a5a5a8ae0aff953af43f55bf2daaeb8331ca4e923f1ae445839f1cc0ecd2","ssdeep":"12288:LRF5sBNhAUKBgeJPbctfJmCVtw3wjruSRCbOkWLsaQir5g/d:LRGKB4w3w51v4d","tlshash":"05f4d78b1179e6295d90bcf47cf11c702cdca8e0dc4a08b5f3b7ee94a255421637bba6","first_seen":"2026-01-19T18:50:33.380674Z","last_seen":"2026-01-19T18:50:33.380674Z","times_seen":1,"resource_available":false,"data":null}},"time_used":418,"timings":{"blocked":42,"dns":29,"connect":1,"send":0,"wait":326,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:09.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Dec 2025 17:10:07 GMT","end":"Tue, 03 Mar 2026 17:10:06 GMT"},"fingerprint":{"sha1":"82:59:95:33:5E:76:7F:3E:5B:45:F4:CA:83:29:7C:B2:19:B0:A5:C0","sha256":"A1:28:19:D2:C4:EA:69:3E:6D:8D:7A:20:FC:3E:A6:13:BA:59:C5:9C:DE:7D:D1:25:3D:35:68:98:FC:47:82:9D"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play-to.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 19 Jan 2026 18:50:09 GMT\r\ndate: Mon, 19 Jan 2026 18:50:09 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-06-07T20:19:32.695628Z","times_seen":29532,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":160,"dns":1,"connect":20,"send":0,"wait":34,"receive":0,"ssl":137},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"play-to.click/image/token.png","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:09.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"play-to.click","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 14:32:13 GMT","end":"Fri, 20 Mar 2026 15:29:20 GMT"},"fingerprint":{"sha1":"CE:EC:67:5B:96:64:AC:4B:F1:AB:E3:31:14:7E:F8:4A:F1:1A:05:A0","sha256":"BE:15:78:35:EC:E7:E2:05:84:E3:C6:13:2A:BC:95:9E:A8:D6:14:1E:93:95:3C:35:E9:E3:29:C3:87:3E:CF:AF"}}},"request":{"raw":"GET /image/token.png HTTP/1.1\r\nHost: play-to.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play-to.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T20:34:21.112536Z","times_seen":16220865,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"come-corroding.g-app-d.cc/api/is-banned","fqdn":"come-corroding.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:09.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g-app-d.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 26 Nov 2025 13:28:04 GMT","end":"Tue, 24 Feb 2026 14:26:36 GMT"},"fingerprint":{"sha1":"7E:09:61:34:DC:1E:E5:0C:3D:6B:F8:D8:18:BC:ED:85:DB:EB:41:61","sha256":"19:DF:09:C4:6B:0C:89:78:C9:D8:3D:66:F1:4F:98:66:D7:F3:A2:9D:6A:D5:F8:E1:8E:71:07:D5:20:FE:31:3E"}}},"request":{"raw":"GET /api/is-banned HTTP/1.1\r\nHost: come-corroding.g-app-d.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://play-to.click/\r\nOrigin: https://play-to.click\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 19 Jan 2026 18:50:09 GMT\r\ncontent-type: text/plain;charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncache-control: private, max-age=300\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jhppnXskrfG4JFs4HUj8NydKjHgDLz3rj9Cx4Z8X5LAhqcV3J9JIvtds9C0ybhArnAGCzfVFYd0aQ2rlnip%2FeVnEw11QL2i1gsSilgubxiZ%2B%2FpNtzxxi\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9c0884225bd956c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-06-07T20:12:56.300031Z","times_seen":114361,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"come-corroding.g-app-d.cc/api/config","fqdn":"come-corroding.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:09.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g-app-d.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 26 Nov 2025 13:28:04 GMT","end":"Tue, 24 Feb 2026 14:26:36 GMT"},"fingerprint":{"sha1":"7E:09:61:34:DC:1E:E5:0C:3D:6B:F8:D8:18:BC:ED:85:DB:EB:41:61","sha256":"19:DF:09:C4:6B:0C:89:78:C9:D8:3D:66:F1:4F:98:66:D7:F3:A2:9D:6A:D5:F8:E1:8E:71:07:D5:20:FE:31:3E"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: come-corroding.g-app-d.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://play-to.click/\r\ncontent-language: en-US,q=0.8;en\r\nOrigin: https://play-to.click\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 19 Jan 2026 18:50:09 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cfV9BdApqehSqDMU1Omt0gjRtKCA4yi%2BKd5jw4l6FYE5gL4Y1a8EQTu38WNY8OP4fziycQnKzL1yQByI8NssUIeqaZi0aQTiIl2UlUwveEK6UqtvUTPy\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9c0884225bdb56c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":183,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"d6daba2ab97c9b0a19307dfcb7221718","sha1":"74868ca5e75e7497eda1c51fa5ef6905cf899597","sha256":"5c2a062ef575375e64550980180575eccbe5c0470320bc7f9b7f97aea88a7259","sha512":"2be0214d65df37c0cf0a6e4afae133f19fc473caa52baf7400227552cb62c43fbf16adeb15dd7288f064dfe42260d2410abcb35faf2aa36a472490e6818f38d8","ssdeep":"","tlshash":"f3d0eb43a2d1d6c1960341a8a0c8b2e837b3ab7b7a08f82880345320242ca3ca072200","first_seen":"2026-01-19T18:50:33.383066Z","last_seen":"2026-01-19T18:50:33.383066Z","times_seen":1,"resource_available":false,"data":null}},"time_used":318,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":318,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-19","alert":"Sinkholed","trigger":"come-corroding.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"play-to.click/image/token.png","fqdn":"play-to.click","domain":"play-to.click","tld":"click"},"ip":{"addr":"104.21.19.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://play-to.click/","date":"2026-01-19T18:50:10.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"play-to.click","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Dec 2025 14:32:13 GMT","end":"Fri, 20 Mar 2026 15:29:20 GMT"},"fingerprint":{"sha1":"CE:EC:67:5B:96:64:AC:4B:F1:AB:E3:31:14:7E:F8:4A:F1:1A:05:A0","sha256":"BE:15:78:35:EC:E7:E2:05:84:E3:C6:13:2A:BC:95:9E:A8:D6:14:1E:93:95:3C:35:E9:E3:29:C3:87:3E:CF:AF"}}},"request":{"raw":"GET /image/token.png HTTP/1.1\r\nHost: play-to.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://play-to.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 359511\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 26 Jan 2026 18:50:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 09 Jan 2026 16:34:50 GMT\r\netag: \"57c57-69612e2a-832412418810e7dc;;;\"\r\naccept-ranges: bytes\r\npriority: u=6,i=?0\r\ndate: Mon, 19 Jan 2026 18:50:10 GMT\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xw4urVzIs1IC01ezfnT%2FxKSSWN%2BOXI771VjphIg4cxDUARvd5fqHy75mpv3UwcfGYAu55Fh0SHvCPv7G%2FmkkMk%2Fb3KcJV82OF3dbI1A%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9c088424f89d1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":359511,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"df1dca8e8e6261e766461885ee43fadb","sha1":"e20d4a3e1498bb4d1a38dcbb6d7dc2eb4dd67841","sha256":"1572035ddf4a1fad4850b134a435eeccd8649edac68b31e2f32a1a9419db84af","sha512":"9355b00f6dbd5687486ae580dc020a0bff9e7fba9b4fad66e220ab166a35bb75e2c00ff0cd2525e839fd3abdcf91482aa9b95ca8178c61b850dc6dfead7a0146","ssdeep":"6144:rj7qbeR91/JHHltD2668l+e04lUmjlxc6awPFUd4k06hXBzjSogeX:rjmbej1/Jltll+DS3FUq6xqozX","tlshash":"84742369be486dc797befe8a38d9075e479b80ce925b644c3dfa0290962045fc46cf03","first_seen":"2026-01-19T18:50:33.379161Z","last_seen":"2026-01-19T19:34:26.379849Z","times_seen":2,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}